Search

Find a vulnerability

Search criteria

    18 vulnerabilities found for GeForce Experience by NVIDIA Corporation

    CVE-2019-5674 (GCVE-0-2019-5674)

    Vulnerability from nvd – Published: 2019-03-28 14:09 – Updated: 2024-08-04 20:01
    VLAI
    Summary
    NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.
    Severity
    No CVSS data available.
    CWE
    • code execution, denial of service, or escalation of privileges
    Assigner
    References
    Impacted products
    Date Public
    2019-03-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:01:52.193Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4784"
              },
              {
                "name": "107621",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107621"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.lenovo.com/us/en/solutions/LEN-27096"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GeForce Experience",
              "vendor": "NVIDIA Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 3.18"
                }
              ]
            }
          ],
          "datePublic": "2019-03-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "code execution, denial of service, or escalation of privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-18T18:06:08.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4784"
            },
            {
              "name": "107621",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107621"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.lenovo.com/us/en/solutions/LEN-27096"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2019-5674",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GeForce Experience",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 3.18"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "code execution, denial of service, or escalation of privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4784",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4784"
                },
                {
                  "name": "107621",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107621"
                },
                {
                  "name": "http://support.lenovo.com/us/en/solutions/LEN-27096",
                  "refsource": "CONFIRM",
                  "url": "http://support.lenovo.com/us/en/solutions/LEN-27096"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2019-5674",
        "datePublished": "2019-03-28T14:09:11.000Z",
        "dateReserved": "2019-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:01:52.193Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6266 (GCVE-0-2018-6266)

    Vulnerability from nvd – Published: 2018-11-27 18:00 – Updated: 2024-09-16 22:45
    VLAI
    Summary
    NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Date Public
    2018-11-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:01:48.243Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GeForce Experience",
              "vendor": "Nvidia Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.16"
                }
              ]
            }
          ],
          "datePublic": "2018-11-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-04T18:06:07.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "DATE_PUBLIC": "2018-11-19T00:00:00",
              "ID": "CVE-2018-6266",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GeForce Experience",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Nvidia Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
                },
                {
                  "name": "https://support.lenovo.com/us/en/product_security/LEN-25444",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2018-6266",
        "datePublished": "2018-11-27T18:00:00.000Z",
        "dateReserved": "2018-01-25T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:45:56.617Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6265 (GCVE-0-2018-6265)

    Vulnerability from nvd – Published: 2018-11-27 18:00 – Updated: 2024-09-16 18:55
    VLAI
    Summary
    NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser.
    Severity
    No CVSS data available.
    CWE
    • Escalation of privileges
    Assigner
    References
    Impacted products
    Date Public
    2018-11-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:01:48.079Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GeForce Experience",
              "vendor": "Nvidia Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.16"
                }
              ]
            }
          ],
          "datePublic": "2018-11-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Escalation of privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-04T18:06:07.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "DATE_PUBLIC": "2018-11-19T00:00:00",
              "ID": "CVE-2018-6265",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GeForce Experience",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Nvidia Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Escalation of privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
                },
                {
                  "name": "https://support.lenovo.com/us/en/product_security/LEN-25444",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2018-6265",
        "datePublished": "2018-11-27T18:00:00.000Z",
        "dateReserved": "2018-01-25T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:55:53.557Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6263 (GCVE-0-2018-6263)

    Vulnerability from nvd – Published: 2018-11-27 18:00 – Updated: 2024-09-17 02:00
    VLAI
    Summary
    NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges.
    Severity
    No CVSS data available.
    CWE
    • Escalation of privileges
    Assigner
    References
    Impacted products
    Date Public
    2018-11-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:01:48.476Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GeForce Experience",
              "vendor": "Nvidia Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.16"
                }
              ]
            }
          ],
          "datePublic": "2018-11-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Escalation of privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-04T18:06:07.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "DATE_PUBLIC": "2018-11-19T00:00:00",
              "ID": "CVE-2018-6263",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GeForce Experience",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Nvidia Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Escalation of privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
                },
                {
                  "name": "https://support.lenovo.com/us/en/product_security/LEN-25444",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2018-6263",
        "datePublished": "2018-11-27T18:00:00.000Z",
        "dateReserved": "2018-01-25T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:00:32.427Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6262 (GCVE-0-2018-6262)

    Vulnerability from nvd – Published: 2018-10-02 17:00 – Updated: 2024-09-16 16:59
    VLAI
    Summary
    NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure.
    Severity
    No CVSS data available.
    CWE
    • Information disclosure
    Assigner
    References
    Impacted products
    Date Public
    2018-09-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:01:48.321Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GeForce Experience",
              "vendor": "Nvidia Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.15"
                }
              ]
            }
          ],
          "datePublic": "2018-09-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-02T16:57:01.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "DATE_PUBLIC": "2018-09-27T00:00:00",
              "ID": "CVE-2018-6262",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GeForce Experience",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.15"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Nvidia Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2018-6262",
        "datePublished": "2018-10-02T17:00:00.000Z",
        "dateReserved": "2018-01-25T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:59:01.642Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6261 (GCVE-0-2018-6261)

    Vulnerability from nvd – Published: 2018-10-02 17:00 – Updated: 2024-09-17 02:06
    VLAI
    Summary
    NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access.
    Severity
    No CVSS data available.
    CWE
    • Code execution, denial of service, or escalation of privileges
    Assigner
    References
    Impacted products
    Date Public
    2018-09-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:01:48.008Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GeForce Experience",
              "vendor": "Nvidia Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.15"
                }
              ]
            }
          ],
          "datePublic": "2018-09-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Code execution, denial of service, or escalation of privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-02T16:57:01.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "DATE_PUBLIC": "2018-09-27T00:00:00",
              "ID": "CVE-2018-6261",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GeForce Experience",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.15"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Nvidia Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Code execution, denial of service, or escalation of privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2018-6261",
        "datePublished": "2018-10-02T17:00:00.000Z",
        "dateReserved": "2018-01-25T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:06:44.561Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0316 (GCVE-0-2017-0316)

    Vulnerability from nvd – Published: 2017-10-16 21:00 – Updated: 2024-09-16 19:21
    VLAI
    Summary
    In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service, Escalation of Privileges
    Assigner
    References
    Impacted products
    Date Public
    2017-10-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:03:56.605Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GeForce Experience",
              "vendor": "Nvidia Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.x"
                }
              ]
            }
          ],
          "datePublic": "2017-10-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service, Escalation of Privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-16T20:57:01.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "DATE_PUBLIC": "2017-10-16T00:00:00",
              "ID": "CVE-2017-0316",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GeForce Experience",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Nvidia Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service, Escalation of Privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560",
                  "refsource": "CONFIRM",
                  "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2017-0316",
        "datePublished": "2017-10-16T21:00:00.000Z",
        "dateReserved": "2016-11-23T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:21:07.335Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6250 (GCVE-0-2017-6250)

    Vulnerability from nvd – Published: 2017-04-28 21:00 – Updated: 2024-08-05 15:25
    VLAI
    Summary
    NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution.
    Severity
    No CVSS data available.
    CWE
    • Violation of application execution policy and local code execution
    Assigner
    References
    Impacted products
    Date Public
    2017-04-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:25:48.881Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4459"
              },
              {
                "name": "98393",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98393"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GeForce Experience",
              "vendor": "Nvidia Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.x"
                }
              ]
            }
          ],
          "datePublic": "2017-04-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Violation of application execution policy and local code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-19T09:57:02.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4459"
            },
            {
              "name": "98393",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98393"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2017-6250",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GeForce Experience",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Nvidia Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Violation of application execution policy and local code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4459",
                  "refsource": "CONFIRM",
                  "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4459"
                },
                {
                  "name": "98393",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98393"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2017-6250",
        "datePublished": "2017-04-28T21:00:00.000Z",
        "dateReserved": "2017-02-23T00:00:00.000Z",
        "dateUpdated": "2024-08-05T15:25:48.881Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8827 (GCVE-0-2016-8827)

    Vulnerability from nvd – Published: 2016-12-16 21:00 – Updated: 2024-08-06 02:35
    VLAI
    Summary
    NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack.
    Severity
    No CVSS data available.
    CWE
    • Directory Traversal
    Assigner
    Impacted products
    Date Public
    2016-12-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:35:02.274Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "94964",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94964"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4279"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5033"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5155"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GeForce Experience",
              "vendor": "Nvidia Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "All"
                }
              ]
            }
          ],
          "datePublic": "2016-12-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory Traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-06T02:06:54.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "name": "94964",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94964"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4279"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5033"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5155"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2016-8827",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GeForce Experience",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Nvidia Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "94964",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94964"
                },
                {
                  "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4279",
                  "refsource": "CONFIRM",
                  "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4279"
                },
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5033",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5033"
                },
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5155",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5155"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2016-8827",
        "datePublished": "2016-12-16T21:00:00.000Z",
        "dateReserved": "2016-10-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:35:02.274Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5674 (GCVE-0-2019-5674)

    Vulnerability from cvelistv5 – Published: 2019-03-28 14:09 – Updated: 2024-08-04 20:01
    VLAI
    Summary
    NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.
    Severity
    No CVSS data available.
    CWE
    • code execution, denial of service, or escalation of privileges
    Assigner
    References
    Impacted products
    Date Public
    2019-03-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:01:52.193Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4784"
              },
              {
                "name": "107621",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107621"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.lenovo.com/us/en/solutions/LEN-27096"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GeForce Experience",
              "vendor": "NVIDIA Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 3.18"
                }
              ]
            }
          ],
          "datePublic": "2019-03-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "code execution, denial of service, or escalation of privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-18T18:06:08.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4784"
            },
            {
              "name": "107621",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107621"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.lenovo.com/us/en/solutions/LEN-27096"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2019-5674",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GeForce Experience",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 3.18"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "code execution, denial of service, or escalation of privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4784",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4784"
                },
                {
                  "name": "107621",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107621"
                },
                {
                  "name": "http://support.lenovo.com/us/en/solutions/LEN-27096",
                  "refsource": "CONFIRM",
                  "url": "http://support.lenovo.com/us/en/solutions/LEN-27096"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2019-5674",
        "datePublished": "2019-03-28T14:09:11.000Z",
        "dateReserved": "2019-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:01:52.193Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6263 (GCVE-0-2018-6263)

    Vulnerability from cvelistv5 – Published: 2018-11-27 18:00 – Updated: 2024-09-17 02:00
    VLAI
    Summary
    NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges.
    Severity
    No CVSS data available.
    CWE
    • Escalation of privileges
    Assigner
    References
    Impacted products
    Date Public
    2018-11-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:01:48.476Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GeForce Experience",
              "vendor": "Nvidia Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.16"
                }
              ]
            }
          ],
          "datePublic": "2018-11-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Escalation of privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-04T18:06:07.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "DATE_PUBLIC": "2018-11-19T00:00:00",
              "ID": "CVE-2018-6263",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GeForce Experience",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Nvidia Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Escalation of privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
                },
                {
                  "name": "https://support.lenovo.com/us/en/product_security/LEN-25444",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2018-6263",
        "datePublished": "2018-11-27T18:00:00.000Z",
        "dateReserved": "2018-01-25T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:00:32.427Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6265 (GCVE-0-2018-6265)

    Vulnerability from cvelistv5 – Published: 2018-11-27 18:00 – Updated: 2024-09-16 18:55
    VLAI
    Summary
    NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser.
    Severity
    No CVSS data available.
    CWE
    • Escalation of privileges
    Assigner
    References
    Impacted products
    Date Public
    2018-11-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:01:48.079Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GeForce Experience",
              "vendor": "Nvidia Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.16"
                }
              ]
            }
          ],
          "datePublic": "2018-11-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Escalation of privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-04T18:06:07.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "DATE_PUBLIC": "2018-11-19T00:00:00",
              "ID": "CVE-2018-6265",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GeForce Experience",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Nvidia Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Escalation of privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
                },
                {
                  "name": "https://support.lenovo.com/us/en/product_security/LEN-25444",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2018-6265",
        "datePublished": "2018-11-27T18:00:00.000Z",
        "dateReserved": "2018-01-25T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:55:53.557Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6266 (GCVE-0-2018-6266)

    Vulnerability from cvelistv5 – Published: 2018-11-27 18:00 – Updated: 2024-09-16 22:45
    VLAI
    Summary
    NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Date Public
    2018-11-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:01:48.243Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GeForce Experience",
              "vendor": "Nvidia Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.16"
                }
              ]
            }
          ],
          "datePublic": "2018-11-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-04T18:06:07.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "DATE_PUBLIC": "2018-11-19T00:00:00",
              "ID": "CVE-2018-6266",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GeForce Experience",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Nvidia Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
                },
                {
                  "name": "https://support.lenovo.com/us/en/product_security/LEN-25444",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2018-6266",
        "datePublished": "2018-11-27T18:00:00.000Z",
        "dateReserved": "2018-01-25T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:45:56.617Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6262 (GCVE-0-2018-6262)

    Vulnerability from cvelistv5 – Published: 2018-10-02 17:00 – Updated: 2024-09-16 16:59
    VLAI
    Summary
    NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure.
    Severity
    No CVSS data available.
    CWE
    • Information disclosure
    Assigner
    References
    Impacted products
    Date Public
    2018-09-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:01:48.321Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GeForce Experience",
              "vendor": "Nvidia Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.15"
                }
              ]
            }
          ],
          "datePublic": "2018-09-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-02T16:57:01.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "DATE_PUBLIC": "2018-09-27T00:00:00",
              "ID": "CVE-2018-6262",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GeForce Experience",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.15"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Nvidia Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2018-6262",
        "datePublished": "2018-10-02T17:00:00.000Z",
        "dateReserved": "2018-01-25T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:59:01.642Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6261 (GCVE-0-2018-6261)

    Vulnerability from cvelistv5 – Published: 2018-10-02 17:00 – Updated: 2024-09-17 02:06
    VLAI
    Summary
    NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access.
    Severity
    No CVSS data available.
    CWE
    • Code execution, denial of service, or escalation of privileges
    Assigner
    References
    Impacted products
    Date Public
    2018-09-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:01:48.008Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GeForce Experience",
              "vendor": "Nvidia Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.15"
                }
              ]
            }
          ],
          "datePublic": "2018-09-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Code execution, denial of service, or escalation of privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-02T16:57:01.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "DATE_PUBLIC": "2018-09-27T00:00:00",
              "ID": "CVE-2018-6261",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GeForce Experience",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.15"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Nvidia Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Code execution, denial of service, or escalation of privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2018-6261",
        "datePublished": "2018-10-02T17:00:00.000Z",
        "dateReserved": "2018-01-25T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:06:44.561Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0316 (GCVE-0-2017-0316)

    Vulnerability from cvelistv5 – Published: 2017-10-16 21:00 – Updated: 2024-09-16 19:21
    VLAI
    Summary
    In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service, Escalation of Privileges
    Assigner
    References
    Impacted products
    Date Public
    2017-10-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:03:56.605Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GeForce Experience",
              "vendor": "Nvidia Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.x"
                }
              ]
            }
          ],
          "datePublic": "2017-10-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service, Escalation of Privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-16T20:57:01.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "DATE_PUBLIC": "2017-10-16T00:00:00",
              "ID": "CVE-2017-0316",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GeForce Experience",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Nvidia Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service, Escalation of Privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560",
                  "refsource": "CONFIRM",
                  "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2017-0316",
        "datePublished": "2017-10-16T21:00:00.000Z",
        "dateReserved": "2016-11-23T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:21:07.335Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6250 (GCVE-0-2017-6250)

    Vulnerability from cvelistv5 – Published: 2017-04-28 21:00 – Updated: 2024-08-05 15:25
    VLAI
    Summary
    NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution.
    Severity
    No CVSS data available.
    CWE
    • Violation of application execution policy and local code execution
    Assigner
    References
    Impacted products
    Date Public
    2017-04-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:25:48.881Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4459"
              },
              {
                "name": "98393",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98393"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GeForce Experience",
              "vendor": "Nvidia Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.x"
                }
              ]
            }
          ],
          "datePublic": "2017-04-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Violation of application execution policy and local code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-19T09:57:02.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4459"
            },
            {
              "name": "98393",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98393"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2017-6250",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GeForce Experience",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Nvidia Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Violation of application execution policy and local code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4459",
                  "refsource": "CONFIRM",
                  "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4459"
                },
                {
                  "name": "98393",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98393"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2017-6250",
        "datePublished": "2017-04-28T21:00:00.000Z",
        "dateReserved": "2017-02-23T00:00:00.000Z",
        "dateUpdated": "2024-08-05T15:25:48.881Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8827 (GCVE-0-2016-8827)

    Vulnerability from cvelistv5 – Published: 2016-12-16 21:00 – Updated: 2024-08-06 02:35
    VLAI
    Summary
    NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack.
    Severity
    No CVSS data available.
    CWE
    • Directory Traversal
    Assigner
    Impacted products
    Date Public
    2016-12-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:35:02.274Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "94964",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94964"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4279"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5033"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5155"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GeForce Experience",
              "vendor": "Nvidia Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "All"
                }
              ]
            }
          ],
          "datePublic": "2016-12-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory Traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-06T02:06:54.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "name": "94964",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94964"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4279"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5033"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5155"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2016-8827",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GeForce Experience",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Nvidia Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "94964",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94964"
                },
                {
                  "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4279",
                  "refsource": "CONFIRM",
                  "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4279"
                },
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5033",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5033"
                },
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5155",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5155"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2016-8827",
        "datePublished": "2016-12-16T21:00:00.000Z",
        "dateReserved": "2016-10-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:35:02.274Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }